From 8a68ac0d5b85f896dd59042c207bc63c3d026f7d Mon Sep 17 00:00:00 2001 From: 0livd Date: Fri, 15 Dec 2017 17:10:28 +0100 Subject: Use token based auth in invitation e-mails (#280) * Use token based auth in invitation e-mails Invitation e-mails no longer contain the clear text project password * Skip invite page after project creation - Replace ``The project identifier is demo, remember it!`` by ``Invite other people to join this project!`` (linking to the invite page) - Encourage users to share the project password via other communication means in the reminder email --- ihatemoney/templates/invitation_mail.en | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'ihatemoney/templates/invitation_mail.en') diff --git a/ihatemoney/templates/invitation_mail.en b/ihatemoney/templates/invitation_mail.en index 03f5141..eeaafdb 100644 --- a/ihatemoney/templates/invitation_mail.en +++ b/ihatemoney/templates/invitation_mail.en @@ -4,7 +4,9 @@ Someone using the email address {{ g.project.contact_email }} invited you to sha It's as simple as saying what did you paid for, for who, and how much did it cost you, we are caring about the rest. -You can access it here: {{ config['SITE_URL'] }}{{ url_for(".list_bills") }} and the private code is "{{ g.project.password }}". +You can log in using this link: {{ url_for(".authenticate", _external=True, token=g.project.generate_token()) }}. +Once logged in you can use the following link which is easier to remember: {{ url_for(".list_bills", _external=True) }} +If your cookie gets deleted or if you log out, you will need to log back in using the first link. Enjoy, Some weird guys (with beards) -- cgit v1.1